From owner-freebsd-net@freebsd.org Thu Aug 17 10:56:12 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FE3DDDAC2A for ; Thu, 17 Aug 2017 10:56:12 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [89.188.221.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "plan-b.pwste.edu.pl" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 001006C38A for ; Thu, 17 Aug 2017 10:56:11 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (zarychtam@localhost [127.0.0.1]) by plan-b.pwste.edu.pl (8.15.2/8.15.2) with ESMTPS id v7HAoLXO018773 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 17 Aug 2017 12:50:21 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: (from zarychtam@localhost) by plan-b.pwste.edu.pl (8.15.2/8.15.2/Submit) id v7HAoLZb018772 for freebsd-net@freebsd.org; Thu, 17 Aug 2017 12:50:21 +0200 (CEST) (envelope-from zarychtam) Date: Thu, 17 Aug 2017 12:50:21 +0200 From: Marek Zarychta To: freebsd-net@freebsd.org Subject: Re: How likely is it that we can get a kernel tweak for 11.1 so the tcpmd5.ko module works? Message-ID: <20170817105021.GA17388@plan-b.pwste.edu.pl> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.8.3 (2017-05-23) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2017 10:56:12 -0000 --rwEMma7ioTxnRzrJ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 17, 2017 at 03:51:25AM +0000, Dan Mahoney wrote: > All, >=20 > Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220170 >=20 > Basically, there's a kernel module that's only usable if you've built a= =20 > custom kernel with IPSEC_SUPPORT. Since to build a custom kernel you've= =20 > going to rebuild this module anyway, I'm not sure why it was shipped in= =20 > -base. >=20 > ISC runs a lot of BGP routing daemons and many of the people we peer with= =20 > require password auth as part of their peering policy. We were really=20 > hoping for our new platform to not need to invent extra mechanics to=20 > build/deploy custom kernels. >=20 > How hard would it be to add: >=20 > 1) IPSEC_SUPPORT to base without waiting for 11.2? (After all, IPSEC=20 > itself is already in the base kernel). >=20 > or >=20 > 2) Building another module that would add the necessary IPSEC_SUPPORT=20 > knobs so TCPMD5 loads without needing to modify the shipped kernel? >=20 +1 It would be even better to exchange IPSEC with IPSEC_SUPPORT in GENERIC. Both modules: IPSEC as well as TCPMD5 could be loaded at boot time or later. Best regards, --=20 Marek Zarychta --rwEMma7ioTxnRzrJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlmVdOkACgkQdZ/s//1S jSwqOwgAoGDbgtsvMah1DzeGrkvuEYNkxKBEF0+XTaThqqCk1+k9zpQkDojgnS8x Cu1WvmaYfPZhqOQhcMv3dQ2rjyv3uS4X51YnDdfoYbnsZCFdgpek5zGCSn3S8fKM 20aAUO/iCkqc4//8W1Ryf0rR544vz5T2DJyo9tkQpLkO1ltXnV7JJbEzmq5FCeFq ivpc6f50arJ5o42DiSxlvViIX8kSqhlotB+cHpPkIdX3P9JXrBB/tHKuaUF6k6Sl T9OfDHHoWb94yBW1OfDiT6vKRVTHXZ+tzrEOXtdmuc281tEt277gQWxa+xEFu1Hl 3T68SunASN0a1zp4zu/zsHqn6L6DoA== =S9pF -----END PGP SIGNATURE----- --rwEMma7ioTxnRzrJ--